Better than a poke in the eye with a wet fish

Two-zero-zero-five

A new year has begun; the future is a blank canvas. Exciting stuff. I’ve ignored buggery.org for the first elevn days of the new year — not really on purpose, I’ve just had other things occupying my consciousness, like work and the shitty weather and my plan for global domination in the coming year … the usual.

In an attempt to make life difficult for comment spammers, I managed to break the comment system a few days ago. It’s partially functional now; still slightly broken but you can post comments again. Sorry for the nuisance meanwhilst.

First line of defence is comment moderation built into the current version of MT. This works pretty well, but I realise it’s a bitch to have to wait before your comments get posted on the site. If I eventually get everything else working OK, I hope to turn comment moderation off.

MT-Blacklist is the next line of defence; the most recent version is worth seeking out (especially as there was a very critical bug in a recent version). I’ve added a bunch of catch-all phrases to my blacklist file which have cut the amount of recent spam down to zero.

Third line of defence is very simple and quite effective. Rename mt-comment.cgi to something else. You also need to change a line in the MT config file and rebuild your site. It only takes a day or two before some spammers figure out the new filename, but it really works. Six Apart recently put out a Guide to Combatting Comment Spam which explains how to do this.

Fourth line of defence is to install a Turing Test — that’s the random number “security check” thingy that is on the comment form. This uses the Scode plugin (or would if it worked: it was installing this that caused me to break my installation the other day). Hopefully I’ll have time to get this working soon.

Finally, get the most recent MT, as earlier versions rebuild the site every time a spam message is posted, even if the spam is blocked by MT-Blacklist. Getting the latest (3.14) version of MT fixes this and so reduces server load enormously.